Risk register n 


Risk Date raised Opportunity/risk description (opportunities Type Theme Probability (1 Impact (1 
Number shaded in blue) low, 5 high) low, 5 high) 
dl, 10/05/17 Amendments to UK legislation, needed because of External Policy 4.0 4.0 
GDPR and the LED, are too late to allow the ICO, as 
regulator, or the regulated sector to adequately 
plan and prepare for implementation. 
2 05/05/17 That we fail to recruit the right people with the Internal/ People 4.0 4.0 
right skills into the most important roles to enable External 
the ICO to prepare for GDPR. 
3 05/05/17 That as the skills of ICO staff are in high demand we Internal/ People 4.0 4.0 


10 


11 


12 


01/04/17 


01/04/17 


05/05/17 


see an increase in staff turnover, either External 
organisation wide or in discrete teams or 
departments, which has a detrimental impact on 


the capacity and capability of the organisation. 


Ability of the ICO to spot emerging technological Internal 


issues and to stay on top of them as they develop 


Risk of insufficient operations resources to match Internal 
demand for our services, especially during the 
relative uncertainty as we transition to a new 
regulatory regime 

The ICO may have insufficient funds to meet 
business needs following the implementation of 


GDPR. 


Internal 


Policy 


Ops 


Finances 


3.0 


4.0 


2.0 


3.0 


3.0 


4.0 


Level (1 low, 
25 high) 


Proximity Strategic Actions required Owner 
Short term Strategic Providing support to DCMS to ensure that SLT: Steve Wood 
legislative changes are made. Monitoring passage 
of the Data Protection Bill. 
Short term Strategic Range of People projects underway intended to SLT: Paul Arnold 
mitigate strategic people risks. Progress reported to 
Change Board, SLT and MB 
Short term Strategic Range of People projects underway intended to SLT: Paul Arnold 


Medium 
term 


Medium 
term 


Short term 


Strategic 


Strategic 


Strategic 


mitigate strategic people risks. Progress reported to 
Change Board, SLT and MB 


Technology Strategy being developed. Head of SLT: Steve Wood 
Technology Policy recruited and starting in 

November. Recruitment of Senior Policy Officers - 

Technology underway. 

Review and refine projections and close monitoring SLT: James 

of actual demand. Dipple- 


Johnstone 


Fee raising power confirmed in Digital Economy SLT: Paul Arnold 
Act. Future fees are being discussed with DCMS 

following a consultation, with a view to fee 

regulations being laid by the SoS later in the year. 

Fees to be set to meet ICO business need. Work 

also commissioned to follow up 100% of expired 

registrations to maximise size of register prior to 

transition. 


13 


14 


16 


18 


23 


24 


25 


26 


27 


32 


10/05/17 


29/06/17 


05/05/17 


01/04/17 


28/06/17 


24/07/17 


31/08/17 


05/05/17 


05/05/17 


05/05/17 


The ICO is not seen as being relevant to information Internal/ 


rights issues by its stakeholders (the public, media, 
gov etc) and hence loses influence. 


The ICO GDPR change programme is not delivered 
to time to scope or within budget 

As the ICO's fee income arrangements change our 
registration service is not equipped to cope and as 
a result the collection of the ICO's fee income is 
placed at risk. 


Cyber defences are not sufficiently robust because 
the IT environment is not maintained to the 
required standard, security and integrity 


ICO fails to meet expectations when dealing with 
strategic files in terms of timing and effective 
outcomes. 

An increasing number of regulators, some with 
remits related to that of the ICO, results in a lack of 
clarity and reduced visibility of the ICO's role 


Poor industrial relations may impair engagement 
between ICO management and its workforce, 
leading to sub-optimum productivity and reduced 
ability to deliver change. 


The risk that in-year fee income is not received at a 
rate necessary to fund our agreed budget. 
(2017/18) 


That we fail to take the opportunity to lead and 
support all ICO staff to develop their individual 
capability and to maximise their personal 
contribution to our strategic goals and priorities. 


That we do not have sufficient space to 
accommodate our expanding workforce 


External 


Internal 


Reputation 


Reputation 


Major Project Finances 


External 


Internal/ 
External 


External 


Internal 


External 


Internal 


Internal 


IT 


Reputation 


Reputation 


People 


Finances 


People 


People 


2.0 


2.0 


2.0 


2.0 


2.0 


2.0 


3.0 


2.0 


2.0 


1.0 


4.0 


4.0 


3.0 


3.0 


3.0 


3.0 


2.0 


2.0 


2.0 


2.0 


Medium 
term 


Short term 


Short term 


Medium 
term 


Medium 


term 


Medium 
term 


Medium 
term 


Short term 


Long term 


Medium 
term 


Strategic 


Strategic 


Strategic 


Strategic 


Strategic 


Strategic 


Strategic 


Strategic 


Strategic 


Strategic 


International Strategy, Parliamentary and Gov SLT: Elizabeth 
Engagement Strategy and Technology Strategy Denham 
being developed. Information Rights Strategic Plan 
being bedded in. 

Change programme in place mitigating risk on an 
ongoing basis and overseen by SLT 

We will maintain 100% follow up of data controllers SLT: Paul Arnold 
who cease to renew registration and have 

produced external communications to make clear 

the need to renew each year. Project team are in 

the process of developing the processes and 

technology to implement new fee income 

collection service based on the future funding 


model. 
Long standing compliance with PSM combined with SLT: Paul Arnold 


regular programme of IT health check/penetration 
tests . Working towards ISO 27001 compliance. 


SLT: Paul Arnold 


Action underway to provide processes for strategic SLT: Steve Wood 
files. And monthly SLT oversight in place. 


Communications business plan overseen by SLT: Elizabeth 
Communications Steering Group, plus regular Denham 
communications strategy meetings with SLT and 

the Commissioner. 


Regular Joint Committee meetings between TUS SLT: Paul Arnold 


and Management. 


We follow up 100% of expired registrations and SLT: Paul Arnold 
monitor the rate at which fee income is received 

week to week against previous trends and 

forecasts. Progress overseen by finance department 


and standing agenda item at DCEO steering group. 


Range of People projects underway intended to SLT: Paul Arnold 
mitigate strategic people risks. Progress reported to 


Change Board, SLT and MB 


Accommodation strategy agreed by SLT in May. A SLT: Paul Arnold 
new lease was signed on space adjacent to Wycliffe 

house which increases Wilmslow accommodation 

by 20-25%. Continuing to explore ways of best 

utilising ICO space in general as well as in the new 

space. 


